This section provides background information related to the present disclosure which is not necessarily prior art.
Payment cards such as credit cards and debit cards are very widely used for all forms of financial transactions. The use of payment cards has evolved significantly with technological developments over recent years. Originally, transactions were on paper, using an imprint of a transaction card and confirmed by a signature. This approach was largely replaced by use of a magnetic stripe of a transaction card swiped through a magnetic stripe reader on a point of sale (POS) terminal to perform a transaction. Transaction cards developed to contain an integrated circuit (“chip cards” or “smart cards”) communicate with a smart card reader in the POS terminal. Using this approach, a transaction is typically confirmed by a personal identification number (PIN) entered by the card user. Cards of this type typically operate under the EMV standard for interoperation of chip cards and associated apparatus (such as POS terminals and ATMs). ISO/IEC 7816 provides a standard for operation of cards of this type.
Technology has further developed to provide payment cards which operate contactlessly—under EMV these are covered under the ISO/IEC 14443 standard. Using such cards, the account number can be read automatically from the card by a POS terminal, generally using a short range wireless technology such as Radio Frequency Identification (RFID). This approach is generally referred to as “contactless” or “proximity” payment. This is typically enabled by embedding of an RFID tag in a card body together with a suitable antenna to allow transmission and receipt of wireless signals. The transmissions may be powered by a radio frequency interrogation signal emitted by a proximity reader in the POS terminal. For an effective connection to be made, the payment card may need to be brought into very close proximity to the proximity reader. This has security benefits and prevents confusion if there are multiple enabled payment cards in the general vicinity of the proximity reader, as will typically be the case in a retail establishment, for example. This may be achieved by tapping the antenna of the payment card against the proximity reader of the POS terminal.
A proprietary system, known as PayPass®, has been developed for performing contactless transactions. It is also appreciated that it would be possible to use a computing device such as a mobile telephone as a proxy for a payment card. A mobile payment application, Mobile PayPass™, has also been developed which can be downloaded to a mobile cellular telephone handset (hereafter “mobile phone”) to act as a proxy for a payment card using Near Field Communication (NFC) technology standards, which are built into the majority of current mobile phones. NFC is a development upon RFID, and NFC-enabled devices are able to operate in the same manner as RFID devices. Though an NFC-device is active rather than passive, as it is powered by the mobile phone battery rather than relying on inductive pickup from a reader device. Using Mobile PayPass™, a user can conduct tapping based transactions with a proximity reader, as well as perform account management operations over an appropriate network interface (cellular, local wireless network) in an online banking interface with the user's account provider.
In addition to these card usage models, there are also an increasing number of CNP (Customer Not Present) transactions. These typically take place telephonically or online, and transactions are authorized by provision of the card's PAN (Primary Account Number) together with such a selection of further credentials (such as cardholder name, card expiry date and CVC code) considered sufficient for the card issuer to authorize the transaction.
As the payment infrastructure becomes more flexible but also more complex, it also becomes more difficult to protect the system and all its users against subversion and fraud. New forms of authentication are used in addition to established methods such as provision of user signatures and use of a user PIN, or the provision of additional alphanumeric credentials. One known approach to authenticate a person is use of voice biometric data. Voice biometric systems use acoustics and speech analysis techniques to determine characteristic aspects of speech to process and store voice prints that characterize the speech of a particular user to enable that user to be distinguished from other speakers so that a speaker identity can be verified to a high degree of confidence. Various technologies can be used to obtain voice prints (for example, frequency estimation, hidden Markov models and neural networks). Further discussion of known techniques may be found in standard reference works such as H. Beigi, “Fundamentals of Speaker Recognition”, Springer, N.Y., ISBN 978-0-387-77591-3.
Commercial authentication products using voice biometrics are available from companies such as ValidSoft. VoicePay™ offers a service which involves authentication of a user of a payment system by voice biometric data to support making transactions by telephone. A user registers with the VoicePay™ system, and the user is then called by the VoicePay™ service which is trained with the user's voice using set phrases so that the user can be recognized subsequently. Card details are registered with the VoicePay™ service. When the user wishes to make a transaction, the VoicePay™ service is alerted and calls the user. The VoicePay™ service provides transaction details to the user, who is then asked to make a voice signature to “sign” the transaction.
As voice biometric data is a relatively effective way to authenticate users, it would be desirable to use this approach still more effectively, particularly in order to provide convenience of use and security for users.